如何從Shell腳本反向SSH

Question

下午好，

我正在嘗試使用shell腳本建立反向SSH連接。

下面是我的調用命令，從客戶機到主機上，並返回到客戶端：（重要的數據被替換爲XXXXXX）

ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 -R 19999:localhost:22 admin@xx.xxx.xx.xx -v "sshpass -p xxxxxxx ssh -f -N -q -L 0.0.0.0:81:localhost:80 root@localhost -p 19999" 

顯示下面是SSH的輸出和用netstat命令 連接情況不幸的是，它顯示爲TIME_WAIT而不是ESTABLISHED，並且我無法從另一臺機器訪問端口80（通過訪問主機上的端口81）

這是建立反向SSH連接的正確方法，無需在主機上鍵入任何內容？

如果我手動運行兩個命令

ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 -R 19999:localhost:22 dmin@xx.xxx.xx.xx -v 

和

sshpass -p xxxxxxx ssh -f -N -q -L 0.0.0.0:81:localhost:80 root@localhost -p 19999 

一切工作，一旦它連接到主機，我沒有任何問題，但是我不能做這種方式從一個腳本文件。

編輯：我嘗試了在客戶端和命令的主機部分使用-f -N和-q的不同組合，但是我沒有獲得任何成功的結果。我已經得到了最好的是顯示本機的固件歡迎信息

運行netstat命令後，執行命令：從頂部SSH命令

Active Internet connections (w/o servers) 
Proto Recv-Q Send-Q Local Address   Foreign Address   State 
tcp  0  0 xxx.xxxxxxxxx.myvzw.com:xxxx xxxx.us-west-1.compute.xxxxx.com:ssh TIME_WAIT 
tcp  0  0 localhost:49553   localhost:ssh   TIME_WAIT 
udp  0  0 xxx.xxxxxxxxx.myvzw.com:xxxx xxxxxxx:ntp   ESTABLISHED 
Active UNIX domain sockets (w/o servers) 

調試輸出

OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014 
    debug1: Reading configuration data /etc/ssh/ssh_config 
    debug1: Connecting to xx.xxx.xxx.xx [xx.xxx.xxx.xx] port 22. 
    debug1: fd 3 clearing O_NONBLOCK 
    debug1: Connection established. 
    debug1: permanently_set_uid: 0/0 
    debug1: identity file /root/.ssh/id_rsa type -1 
    debug1: identity file /root/.ssh/id_rsa-cert type -1 
    debug1: identity file /root/.ssh/id_dsa type -1 
    debug1: identity file /root/.ssh/id_dsa-cert type -1 
    debug1: identity file /root/.ssh/id_ecdsa type -1 
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1 
    debug1: identity file /root/.ssh/id_ed25519 type -1 
    debug1: identity file /root/.ssh/id_ed25519-cert type -1 
    debug1: Enabling compatibility mode for protocol 2.0 
    debug1: Local version string SSH-2.0-OpenSSH_6.6 
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4 
    debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH* compat 0x04000000 
    debug1: SSH2_MSG_KEXINIT sent 
    debug1: SSH2_MSG_KEXINIT received 
    debug1: kex: server->client aes128-ctr hmac-md5 none 
    debug1: kex: client->server aes128-ctr hmac-md5 none 
    debug1: sending SSH2_MSG_KEX_ECDH_INIT 
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
    debug1: Server host key: ECDSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx 
    debug1: Host 'xx:xxx:xxx:xx' is known and matches the ECDSA host key. 
    debug1: Found key in /root/.ssh/known_hosts:5 
    debug1: ssh_ecdsa_verify: signature correct 
    debug1: SSH2_MSG_NEWKEYS sent 
    debug1: expecting SSH2_MSG_NEWKEYS 
    debug1: SSH2_MSG_NEWKEYS received 
    debug1: Roaming not allowed by server 
    debug1: SSH2_MSG_SERVICE_REQUEST sent 
    debug1: SSH2_MSG_SERVICE_ACCEPT received 
    debug1: Authentications that can continue: publickey 
    debug1: Next authentication method: publickey 
    debug1: Trying private key: /root/.ssh/id_rsa 
    debug1: key_parse_private2: missing begin marker 
    debug1: read PEM private key done: type RSA 
    debug1: Authentication succeeded (publickey). 
    Authenticated to xx:xxx:xxx:xx ([xx:xxx:xxx:xx]:22). 
    debug1: Remote connections from LOCALHOST:19999 forwarded to local address localhost:22 
    debug1: channel 0: new [client-session] 
    debug1: Requesting no-more-sessions@openssh.com 
    debug1: Entering interactive session. 
    debug1: remote forward success for: listen 19999, connect localhost:22 
    debug1: All remote forwarding requests processed 
    debug1: Sending command: sleep 5; sshpass -p xxxxxxx ssh -f -N -q -L 0.0.0.0:1195:localhost:1194 root@localhost -p 19999 
    debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768 
    debug1: client_request_forwarded_tcpip: listen localhost port 19999, originator ::1 port 38767 
    debug1: connect_next: host localhost ([127.0.0.1]:22) in progress, fd=7 
    debug1: channel 1: new [::1] 
    debug1: confirm forwarded-tcpip 
    debug1: channel 1: connected to localhost port 22 
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0 
    debug1: channel 0: free: client-session, nchannels 2 
    debug1: channel 1: free: ::1, nchannels 1 
    Transferred: sent 4768, received 4176 bytes, in 10.4 seconds 
    Bytes per second: sent 459.7, received 402.6 
    debug1: Exit status 0 

謝謝

Answer 1

我似乎已經能夠通過應用一些「睡眠」命令建立反向連接

下面是我的命令

ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 -f -R 19999:localhost:22 admin@XX.XXX.XXX.XX -v "sleep 5; sshpass -p XXXXXX ssh -L 0.0.0.0:81:localhost:81 root@localhost -p 19999 -v \"sleep 120\" sleep 120" 

所以基本上我把ssh的過程中完成的第二連接，並放置到右後睡覺的第二連接之前睡覺。

有趣的是，連接在120秒後不停止，它保持不變。如果有人願意解釋爲什麼會這樣，或者有更好的方法，請回復 謝謝